Solved: Is Someone Trying to Take Over My Computer??
hubbleman007
Junior Member with 22 posts.
 
Join Date: Jun 2008
Location: Marietta, Ohio
Experience: Beginner
23-Jun-2008, 10:44 AM #1
I was going through some logs last night, and came upon this:

Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/03/2008 14:33:15.546 thread:3300 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/03/2008 14:52:59.437 thread:1468 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/04/2008 14:16:23.125 thread:3308 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/04/2008 14:36:04.375 thread:3756 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/05/2008 09:20:54.312 thread:3052 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/05/2008 09:40:35.750 thread:2740 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/06/2008 13:36:46.968 thread:3452 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/06/2008 13:57:15.125 thread:2072 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/07/2008 09:40:18.062 thread:3268 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/07/2008 09:59:50.906 thread:2368 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Shell Name Explorer.exe in Registry not found in process list. 06/09/2008 04:37:04.953 thread:3256 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/09/2008 04:37:04.968 thread:3256 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 04:37:15.968 thread:3908 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 04:56:18.875 thread:2912 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 10:49:14.687 thread:2880 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 11:09:05.796 thread:3136 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 19:21:41.718 thread:3236 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 19:41:54.828 thread:3800 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 23:22:11.437 thread:3260 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/09/2008 23:42:22.500 thread:716 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/10/2008 14:04:27.468 thread:2976 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/10/2008 14:24:41.843 thread:2104 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/10/2008 16:08:57.468 thread:3408 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/10/2008 16:29:01.281 thread:3492 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 02:39:55.299 thread:3720 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 02:45:54.908 thread:4048 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 03:23:16.939 thread:2880 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 03:33:48.955 thread:3116 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 03:34:45.814 thread:4024 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 09:40:44.140 thread:3300 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 10:00:52.640 thread:2420 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 16:38:28.218 thread:2652 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 16:58:20.953 thread:2972 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 21:49:53.265 thread:3332 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/11/2008 22:10:26.000 thread:2760 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/12/2008 00:40:11.234 thread:3284 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/12/2008 01:00:22.734 thread:1204 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/12/2008 14:53:18.968 thread:3084 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/12/2008 15:12:57.625 thread:916 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/12/2008 15:43:05.546 thread:3284 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/12/2008 16:02:46.796 thread:2236 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/13/2008 09:56:57.875 thread:3300 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/13/2008 10:16:58.718 thread:384 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/13/2008 21:19:13.140 thread:3732 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/13/2008 21:38:35.578 thread:640 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 01:00:48.484 thread:3480 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 01:21:00.312 thread:2312 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 09:59:53.265 thread:3148 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 09:59:53.265 thread:3148 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 10:10:17.625 thread:3760 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 10:13:30.218 thread:3252 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 10:33:11.703 thread:1820 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 13:06:32.406 thread:2604 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 13:06:33.734 thread:2440 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 13:06:33.750 thread:2440 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 13:55:59.187 thread:3896 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 14:44:20.203 thread:3172 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:11.218 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:11.234 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:13.453 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:13.453 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:13.546 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:13.546 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:13.578 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:13.578 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:13.609 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:13.609 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:13.640 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:13.640 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:13.687 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:13.703 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]

Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.078 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.203 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.218 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.234 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.250 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.265 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.281 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.296 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.312 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.343 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.343 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.375 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.375 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.515 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.515 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.578 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.578 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.625 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.625 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:14.656 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:14.656 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:15.093 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:15.093 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:15.140 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:15.156 thread:3096 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:15.171 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:15.187 thread:3084 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 14:58:15.265 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 14:58:15.265 thread:3104 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 14:58:33.968 thread:4068 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 15:19:13.343 thread:3916 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 17:51:50.140 thread:3664 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 18:10:55.812 thread:2192 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/15/2008 10:13:50.437 thread:3836 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/15/2008 10:33:15.078 thread:2668 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/16/2008 13:02:01.859 thread:3016 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/16/2008 13:21:54.203 thread:1584 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/16/2008 19:34:19.609 thread:3428 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/16/2008 19:53:53.734 thread:4020 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/17/2008 00:16:24.468 thread:3056 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/17/2008 00:36:13.531 thread:3912 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/17/2008 21:49:14.265 thread:3032 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/17/2008 22:09:23.140 thread:1192 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/18/2008 16:29:43.140 thread:2248 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/18/2008 16:48:43.696 thread:2556 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting)
Shell Name Explorer.exe in Registry not found in process list. 06/19/2008 12:44:48.500 thread:3264 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/19/2008 12:44:48.500 thread:3264 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 06/19/2008 12:44:48.562 thread:3252 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/19/2008

Does this mean someone is trying to take over my computer? If yes, how can I find out who it is, and stop them?
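A long WMI provider log like the one in the post above is easier to read once it is grouped by message and source location. The following is an added example, not part of the original thread: it parses lines in the format shown in the post, counts each distinct message, and pairs the two `implogonuser.cpp` messages that occur together on one thread. The function names, the one-second pairing window and the shortened `SAMPLE_LOG` excerpt are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Layout seen in the post: <message> <MM/DD/YYYY HH:MM:SS.mmm> thread:<id> [<source path>.<line>]
LINE_RE = re.compile(
    r"^(?P<msg>.+?)\s+"
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"thread:(?P<thread>\d+)\s+"
    r"\[(?P<src>.+)\.(?P<line>\d+)\]\s*$"
)

# Excerpt assembled from lines in the post, including one line that was cut off.
SAMPLE_LOG = r"""
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 13:06:32.406 thread:2604 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Shell Name Explorer.exe in Registry not found in process list. 06/14/2008 13:06:33.734 thread:2440 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/14/2008 13:06:33.750 thread:2440 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 06/14/2008 13:55:59.187 thread:3896 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Shell Name Explorer.exe in Registry not found in process list. 06/19/2008 12:44:48.500 thread:3264 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 06/19/2008 12:44:48.500 thread:3264 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Unable to locate Shell Process, Impersonation failed. 06/19/2008
"""


def parse_line(line):
    """Return a record dict for one log line, or None if the line is incomplete."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "message": m.group("msg"),
        "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %H:%M:%S.%f"),
        "thread": int(m.group("thread")),
        # Keep only "file:line" of the source location, e.g. "wbemglue.cpp:2252".
        "source": m.group("src").rsplit("\\", 1)[-1] + ":" + m.group("line"),
    }


def summarize(text):
    """Group records by (message, source); truncated lines are reported, not guessed."""
    groups, records, unparsed = {}, [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw.strip())
            continue
        records.append(rec)
        g = groups.setdefault(
            (rec["message"], rec["source"]),
            {"count": 0, "first": rec["time"], "last": rec["time"], "days": set()},
        )
        g["count"] += 1
        g["first"] = min(g["first"], rec["time"])
        g["last"] = max(g["last"], rec["time"])
        g["days"].add(rec["time"].date())
    return groups, records, unparsed


def paired_shell_failures(records, window=timedelta(seconds=1)):
    """Count 'shell not found' lines followed by 'impersonation failed' on the same thread."""
    pending, pairs = {}, 0
    for rec in records:
        if rec["source"] == "implogonuser.cpp:959":
            pending[rec["thread"]] = rec["time"]
        elif rec["source"] == "implogonuser.cpp:971":
            start = pending.pop(rec["thread"], None)
            if start is not None and timedelta(0) <= rec["time"] - start <= window:
                pairs += 1
    return pairs


if __name__ == "__main__":
    groups, records, unparsed = summarize(SAMPLE_LOG)
    for (message, source), g in groups.items():
        print(f"{g['count']:>4}  {source:<24} {len(g['days'])} day(s)  "
              f"{g['first']:%m/%d %H:%M} .. {g['last']:%m/%d %H:%M}  {message[:50]}")
    print("paired shell/impersonation events:", paired_shell_failures(records))
    print("incomplete lines:", len(unparsed))
```
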
MikeSwim07
Distinguished Member with 4,202 posts.
 
Join Date: Apr 2007
Location: Cleveland, Ohio
Experience: Training at MRU
23-Jun-2008, 01:18 PM #2
You should probably post in this forum if you think you need help with malware removal.

http://forums.techguy.org/54-malware...jackthis-logs/
hubbleman007
Junior Member with 22 posts.
 
Join Date: Jun 2008
Location: Marietta, Ohio
Experience: Beginner
23-Jun-2008, 01:20 PM #3
Ok, Thanks. Do I have to retype the whole thing, or is there some way just to move it?
MikeSwim07
Distinguished Member with 4,202 posts.
 
Join Date: Apr 2007
Location: Cleveland, Ohio
Experience: Training at MRU
23-Jun-2008, 01:28 PM #4
Do this and post the log in malware removal forum:

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
hubbleman007
Junior Member with 22 posts.
 
Join Date: Jun 2008
Location: Marietta, Ohio
Experience: Beginner
23-Jun-2008, 01:33 PM #5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:50 PM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\iscsiexe.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ashDisp] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1202660629-1580436667-1708537768-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-21-1202660629-1580436667-1708537768-501\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Guest')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Nero AG - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
MikeSwim07's Avatar
Distinguished Member with 4,202 posts.
 
Join Date: Apr 2007
Location: Cleveland, Ohio
Experience: Training at MRU
23-Jun-2008, 01:34 PM #6
Quote:
Do this and post the log in malware removal forum:
All times are GMT -4. The time now is 01:39 AM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.